I have a question about the way requests work upon using the back button in a browser. I have 3 servlets. The first has a form that upon submission queries a database and forwards the request on to the second. The second servlet displays information from the results of the database search and displays a form to go to servlet #3. The third servlet displays a link for payment on an external website. What I am attempting to do is prevent the user from using their back button to view out-of-date results from the database in servlets #2 and #3. Servlets #1 and #2 use GET method while #3 uses POST. So the logic is like this:
Servlet #1: User submits search form. Store results in HttpSession.
Servlet #2: Check for valid HttpSession. Display search results
Servlet #3: Check for valid HttpSession. Display link for payment on third party site
In servlets #2 and #3 if a valid HttpSession isn't detected up front I am redirecting to the home page. To check for out-of-date information I have added a check in servlet #3 in its request-handler to check the database to make sure the results stored in the session still match what's on the database. If not, invalidate the session and redirect to the homepage. Now if I alter the database, either manually or by making a payment, and use my back button of my browser to back up to servlet #2 it appears that a new request is submitted because I see updated results.
So my question is this: Is my original request from servlet #1 being re-sent when I use my back button to back up to servlet #2?
Yes web browser caches the POST form request details and when to hit F5/Backspace or click on web browser's back button it actually re-sends it. To avoid this there could be more ways but my suggestion is to make a dummy request after POST request (Have stored all data of POST request in httpsession) which actually would go to browser and comes to the servlet. This is to overwrite the web browser cache and valuable requests such as payment request can be stripped out of re-sending. I've implement the solution in my web site long back and working fine. Ensure this method won't be a problem of your performance.
No pain, No gain.
Joined: Aug 30, 2011
Even though I didn't set no-cache in the header of servlet #2 it appears that it was sometimes re-sending the GET request. So what I wound up doing was changing that request method from servlet #1 to POST as well. The reason is because most browsers, if not all, will warn the user they are navigating back to a page that received a POST request and the browser will send a new request to the server.